1) I have some logins that use a different username than my default. So I create a new account and change a) the username b) add a url pattern and c) maybe the character set. I've been making a separate account per site even though some of them use the same username. Can I just add multiple URL patterns (e.g. *www.mybank.com* and *www.ebay.com*) to one account if they both use the same username. I did try this once and it didn't seem to work as it used only one of the URLs to generate the passwords.
Correct. Yes, you can do this, but as you noted, there is only one 'Use the following URL...' field, while you can have multiple URL patterns to match on. There is a one-to-one ratio of account to generated username/password.
2) The default account just "senses" the correct URL when I'm on the page when making a new password but my specific accounts need me to additionally add those URL patterns - why is that?
Good question...
First, to answer your question - PWM must have some way of knowing when an account is to be used, so you must tell it ahead of time.
But, this is definitely a source of new user confusion, and I have created a FR (Feature Request) to add a
New 'Default' and 'Advanced' Security Modes model to simplify this aspect of PWM, with the current URL Pattern wildcards/regex pattern as the 'Advanced' mode... please feel free to go and vote for it (you have 5 votes, so be sure to
read all of them and vote for any others that interest you.
3) On the topic of URL patterns... I sometimes never really know what the exact URL of the page is going to be (e.g. some pages use an https://, some an http://, some have no www, and some have extra stuff after the main URL e.g. www.ebay.com/user/browse/1234 <----- I'm just making that stuff up...). So when I want to add a pattern I end up having to put in something general like *ebay.com* to cover all bases. Doesn't that make it a bit insecure from sites (phishing sites?) with deliberately similar URLs?
Absolutely it does - again, read the FR I created for the new Security Modes - it will address this issue.
Until then, you will *have* to add all of the ones that may be used. Do *not* - *especially* for any accounts where money is involved - do *not* the wildcards you referenced above...
At a minimum, do *not* use a wildcard at the BEGINNING of a URL pattern - you want the FULL protocol+URL, ie:
http://www.example.com/*
The trailing slash-asterisk (/*) is important...
You can use regex expressions to account for some of the issues - like the http and https - but I don't recommend using them without a lot of reading and learning, as it is very easy to make a mistake.
Also, the 'Pattern Help' button will provide some assistance, but be careful - it does not warn sufficently about the dangers of phishing when using the wildcard patterns...
My bank, for one example, is a hard one as the login page is a pop-up window with no address bar, which closes after login (though, in fact I've actually managed to get that one to work so it's not a prob).
You mean a 'Basic HTTP Auth' pop-up? How did you get it to work? Or do you mean you just used PWM manually, manually entered the username and copied/pasted the password?
This looks like a great extension and I'm slowly getting a few things sorted out but I don't know if I'm going about it the best way - a lot of what I've done is trial and error. I have to say it seems like the manual is more of a menu glossary than a step-by-step tutorial in how to use the program.
PWM is one of the most important extensions - no - one of the most important tools in my toolkit, and honestly, I cannot imagine life on line without it. That said - yes, the manual is very dated, and we are working on a new wiki, but my time right now is very limited (I'm a volunteer here in the forumes, but not a developer). So, I understand your frustration and confusion...
Most of what I've learnt has been from the forums but it's meant I've had to go back and change a whole load of generated passwords more than once after doing them wrong the first time/s.
I know it's a lot of effort to write a good manual but it seems many people here on the forums are having the same problems with the very basics. Who knows, maybe I'll write one myself when I know enough about it...
Any help would be *greatly* appreciated... if you have any experience with wikis, I'm sure Eric wouldn't hesitate to set you up an account if you like...
OH ONE LAST THING I realise now when clicking submit. I registered on the forums 2 days ago and never received a confirmation email (I re-asked for one 3 times too). So now I can't even register again from the same computer
What username did you use? I can go in and fix it if you messed up on the email address or something...
Welcome to the world of PWM! Its the best thing since the internet!